Tests with Tarantool EE runs only with latest msgpack, so "msgpack-deps" variable and Actions steps for it are not used.
deps: bump msgpack requirement to 1.0.4
In this patch we bump msgpack requirement since version 1.0.4 has various vulnerability fixes (for example, [1]). Since the code is still compatible with msgpack-python and older msgpack, tests are not removed in this patch.
In this patch we bump PyYAML requirement since version 6.0 has various vulnerability fixes (see [1-3]). Since PyYAML is used only in tests, the only reason of this patch is to remove Dependabot alerts. After migrating to GitHub Actions issue [4] is no longer relevant, so we are not restricted to using 5.2b1 version. There is no PyYAML 6.0 for Python 3.5 since it reached the end of its life on September 13th, 2020. So this patch removed Python 3.5 pipeline as well.
After update [1] and Tarantool 2.10 release it is possible to install it with setup-tarantool tools. This patch uses setup-tarantool to install release Tarantool 2.10 instead of pre-release one.
ci: remove unused msgpack variable in EE test
Tests with Tarantool EE runs only with latest msgpack, so "msgpack-deps" variable and Actions steps for it are not used.
deps: bump msgpack requirement to 1.0.4
In this patch we bump msgpack requirement since version 1.0.4 has various vulnerability fixes (for example, [1]). Since the code is still compatible with msgpack-python and older msgpack, tests are not removed in this patch.
deps: bump test PyYAML requirement to 6.0
In this patch we bump PyYAML requirement since version 6.0 has various vulnerability fixes (see [1-3]). Since PyYAML is used only in tests, the only reason of this patch is to remove Dependabot alerts. After migrating to GitHub Actions issue [4] is no longer relevant, so we are not restricted to using 5.2b1 version. There is no PyYAML 6.0 for Python 3.5 since it reached the end of its life on September 13th, 2020. So this patch removed Python 3.5 pipeline as well.
ci: install Tarantool 2.10 with GitHub Actions
After update [1] and Tarantool 2.10 release it is possible to install it with setup-tarantool tools. This patch uses setup-tarantool to install release Tarantool 2.10 instead of pre-release one.